Add hooks for adding an option for selecting a managed password as
lock credential. By default this option will not be visible.
BUG=27923581
Change-Id: Id17bd8074bf23cbcffb96d8576cc760df6f2298a
Changes:
(1) When unified work challenge is enabled and screen lock is secure
- Store work profile secure key in primary profile
- When primary user keystore unlocked, unlock work profile keystore
- When primary user change lock to none, remove work secure key
(2) When unified work challenge is enabled but screen lock is not secure
- When screen lock changes to secure, store work secure key in primary
(3) When user changes work challenge from unified to separated
- Remove work secure key in primary
(4) When user changes work challenge from separate to unified
- Do (1) and (2)
Bug: 27460698
Change-Id: Id7464c178e6ea7b561643477e7cd84f963048c87
This is a partial fix for b/27903189.
When we remove the lock screen and remove all fingerprints, wait for
them to all be removed before finishing the activity. This will let
the security screen accurately show how many fingerprints are available.
bug:27903189
Change-Id: I30908dbefb7a858f6d99e532841ed4ff894bfe62
When ChooseLockScreenGeneric is started via the set password
intents, it should not allow the drawer menu to show.
bug:26288300
Change-Id: I10d512e20fedab2be8c725c7d524db0c55666590
When enrolling fingerprints on both personal and work and then setting
the lock to none or swipe, the fingerprints for that user were not being
correctly removed due to wrong userIds being passed in.
Also fix the wipe dialog message as it was always querying whether the
main user has fingerprints instead of the user the dialog applies to.
Bug: 27263452, 27199237
Change-Id: I8d170e36f31b5595bc0bb41168a87db9f57eda2f
This also adds frp warning dialogs in case the user skips lock
screen setup initially.
bug:26880444
Change-Id: I732b6a806e139fb6c1c1b334b8d1608c229f217c
This will make sure the headers are set before the underlying
RecyclerView has made its first layout, and prevents an animation
from playing when rotating to landscape.
bug:26990364
Change-Id: I2838a07a145b4d6136e88125ab955006d84d135c
Some invocations of ChooseLockGeneric are done with arguments, but
when invoking it from FingerprintEnrollIntroduction we add the extra
to the activity intent so we need to support both.
Bug: 26901625
Change-Id: Iaabad18bf17160578f6b6d807dc6acfead1ba419
And when adding accounts if only one account type is possible and
it is disabled by admin, show the admin support dialog.
Bug: 26897250
Bug: 26767564
Change-Id: I5cca64491a100efc34307c45aa35c14412f043cd
Fixes a bug where if you upgrade a device with screen lock,
screen lock suggestion would show (upgrade such as N->N developer
builds) or from a user test case like M->N
bug:26844580
Change-Id: Ic779ff28f5895e407c2c96771dbbc622e6026a7f
Also, fixes a bug where the suggested activity stayed on screen
after the component was disabled causing a crash.
bug:25246207
bug:26770556
Change-Id: I28d784cdc57e464e49887483690ab514ca3bc46a
This reduces the # of screens, and makes the backup lock choice
for fingerprint more obvious that it is a backup.
bug:26377096
Change-Id: I4e75e1f3302c286587de106bcdf43537bda03390
The messages in ConfirmDeviceCredentials have been updated to
inform the user that the pattern/pin/password to be entered is
the profile one.
The strings in the confirmation dialog when the user removes
the lock have also been updated.
Ideally we would have a parametrized approach to strings here,
but capitalization makes it a hard problem.
Bug: 26706338, 26709116
Change-Id: I9f5508d6f449f9e572d65e5b2dcb15cca23832b3
- When in a unified state, selecting the work lock to be "none" caused
a security exception
- When the work lock was set to "none", unifying didn't work
- When in a unified state, the work lock type selection screen showed
"none" as the current type instead of the device lock type
Bug: 26577247
Change-Id: I853d77186e23b6a458eaa6c1047942a7eefddc9c
If the challenge shown is for a work profile, add the default image and
color to the background of the fragment.
Change-Id: I148c6cd3a835a84c7bac78b020839dfdae4a6c36
Have ChooseLockGeneric resolve the new intent that allows setting the
parent challenge. If the new intent is received or seperate work
challenge is not supported, default to setting the challenge of the
parent user, otherwise use the calling user.
Change-Id: Ibd0ce8ce81b1d5c9073d4eb0096fdc74de12ee95
Create a new section in Security Settings which includes all
settings for the Work Challenge.
Only some settings apply to the Work Challenge, so we reuse
the security settings layouts for items and compare them against
a whitelist to remove unwanted items.
Additionally, remove all usages of ChooseLockGeneric.KEY_USER_ID
in favor of Intent.EXTRA_USER_ID.
Change-Id: I3d1ba953a2056f7c61a7b3feeb8b49f1a352dff6
Modify the back stack and result code propagation in the screen lock
scenarios.
- EncryptionInterstitial now propagates the result of ChooseLock*
request instead of always returning RESULT_OK.
- ChooseLockGeneric now treats CHOOSE_LOCK_REQUEST and
ENABLE_ENCRYPTION_REQUEST the same (since encryption can be a proxy
for ChooseLock*). This means ChooseLockGeneric will now stay on
back stack when going back from ChooseLock*, just like the case
(indirectly) through EncryptionInterstitial.
Bug: 26177240
Change-Id: Id7f1256dcbff00d552a3e7db60c285f53f1e63e6
When the user changing passphrase is not the process' user, disable
the "Ask for password on device startup" screen, as it makes no sense.
Change-Id: I521b5ec8702f7a39b94012a606794e04135e4c75
This is a first step to allow this flow to be reused for setting
a work profile-specific lock, to be used with the work challenge.
Change-Id: Iaa65fdab9021cda5f0a1d3bc526a6b54f8a7dd16
Use mcc config overlay mechanism to hide none security option
in countries where it is mandatory.
To hide none security option, set config_hide_none_security_option config
true as mcc config overlay.
Bug: 22209425
Bug: 22975388
Change-Id: I774c53e17d3b50393816622134e58f8e06b76fab
The code was blindly calling fpm.remove(0) to remove all
fingerprint templates and then waiting for them to be removed.
Fixes bug 23183484
Change-Id: Ie510097d85bba32d965ba3c7f324f6c042e08300
Show a help text saying "Choose your backup screen lock method" when
asking the user for backup screen lock during fingerprint enrollment.
A backup translation is specified, using the source string "Set up your
backup screen lock method".
Bug: 22879473
Change-Id: I9b9348141227103e695d1fc78601745cac0309a7
Change the message for encryption interstitial when enrollin
fingerprint, to make it clear that fingerprint unlock is still used,
just that the backup unlock PIN / password / pattern will be needed
to start the device.
Bug: 22559146
Change-Id: Ia134e0d9b118151833a9118ff44667dcc9122185
Keystore no longer requires a password to operate and only deletes
encrypted at rest entries when the user removes their password, so
blocking password downgrade is no longer required.
Bug: 20764363
Change-Id: I6f06acc71a4165282985082203ae1194491844c7
When DO_NOT_ASK_CREDENTIALS_ON_BOOT flag is set in
DevicePolicyManager, the Settings UI:
1) Should not encrypt the device with password when the
user encrypts the device for the first time. The default
encryption type should be used instead.
2) Should not give the choice to the user whether to
encrypt the device with password/PIN or not but always
encrypt the device without password.
Related CL: https://googleplex-android-review.git.corp.google.com/#/c/665371/
Change-Id: Ic09f02c033a0b16b7ffc45bf6d675b62d1be4bd8
